You can follow this procedure to verify multiple Windows sensor files. This procedure generally applies to installed products/packages.
Prerequisites
You must know which files can be verified. Files that cannot be verified are typically those that change while the product is in use, such as configuration files or JIT-compiled files.
Procedure
- Create a file that contains a list of files to verify, one file name per line. The following example includes relevant files for an x64 install package:
C:\users\user_name\desktop\cbd-setup64-3.8.0.276.msi
C:\program files\confer\api-ms-win-core-console-l1-1-0.dll
C:\program files\confer\api-ms-win-core-datetime-l1-1-0.dll
C:\program files\confer\api-ms-win-core-debug-l1-1-0.dll
C:\program files\confer\api-ms-win-core-errorhandling-l1-1-0.dll
C:\program files\confer\api-ms-win-core-file-l1-1-0.dll
C:\program files\confer\api-ms-win-core-file-l1-2-0.dll
C:\program files\confer\api-ms-win-core-file-l2-1-0.dll
C:\program files\confer\api-ms-win-core-handle-l1-1-0.dll
C:\program files\confer\api-ms-win-core-heap-l1-1-0.dll
C:\program files\confer\api-ms-win-core-interlocked-l1-1-0.dll
C:\program files\confer\api-ms-win-core-libraryloader-l1-1-0.dll
C:\program files\confer\api-ms-win-core-localization-l1-2-0.dll
C:\program files\confer\api-ms-win-core-memory-l1-1-0.dll
C:\program files\confer\api-ms-win-core-namedpipe-l1-1-0.dll
C:\program files\confer\api-ms-win-core-processenvironment-l1-1-0.dll
C:\program files\confer\api-ms-win-core-processthreads-l1-1-0.dll
C:\program files\confer\api-ms-win-core-processthreads-l1-1-1.dll
C:\program files\confer\api-ms-win-core-profile-l1-1-0.dll
C:\program files\confer\api-ms-win-core-rtlsupport-l1-1-0.dll
C:\program files\confer\api-ms-win-core-string-l1-1-0.dll
C:\program files\confer\api-ms-win-core-synch-l1-1-0.dll
C:\program files\confer\api-ms-win-core-synch-l1-2-0.dll
C:\program files\confer\api-ms-win-core-sysinfo-l1-1-0.dll
C:\program files\confer\api-ms-win-core-timezone-l1-1-0.dll
C:\program files\confer\api-ms-win-core-util-l1-1-0.dll
C:\program files\confer\api-ms-win-crt-conio-l1-1-0.dll
C:\program files\confer\api-ms-win-crt-convert-l1-1-0.dll
C:\program files\confer\api-ms-win-crt-environment-l1-1-0.dll
C:\program files\confer\api-ms-win-crt-filesystem-l1-1-0.dll
C:\program files\confer\api-ms-win-crt-heap-l1-1-0.dll
C:\program files\confer\api-ms-win-crt-locale-l1-1-0.dll
C:\program files\confer\api-ms-win-crt-math-l1-1-0.dll
C:\program files\confer\api-ms-win-crt-multibyte-l1-1-0.dll
C:\program files\confer\api-ms-win-crt-private-l1-1-0.dll
C:\program files\confer\api-ms-win-crt-process-l1-1-0.dll
C:\program files\confer\api-ms-win-crt-runtime-l1-1-0.dll
C:\program files\confer\api-ms-win-crt-stdio-l1-1-0.dll
C:\program files\confer\api-ms-win-crt-string-l1-1-0.dll
C:\program files\confer\api-ms-win-crt-time-l1-1-0.dll
C:\program files\confer\api-ms-win-crt-utility-l1-1-0.dll
C:\program files\confer\concrt140.dll
C:\program files\confer\msvcp140.dll
C:\program files\confer\ucrtbase.dll
C:\program files\confer\vccorlib140.dll
C:\program files\confer\vcruntime140.dll
C:\program files\confer\BladeRunner.exe
C:\program files\confer\CbNativeMessagingHost.exe
C:\program files\confer\RepCLI.exe
C:\program files\confer\RepMgr.exe
C:\program files\confer\RepUtils.exe
C:\program files\confer\RepUx.exe
C:\program files\confer\RepWAV.exe
C:\program files\confer\RepWmiUtils.exe
C:\program files\confer\RepWSC.exe
C:\program files\confer\Uninstall.exe
C:\program files\confer\VHostComms.exe
C:\program files\confer\blades\livequery\osqueryi.exe
C:\program files\confer\blades\livequery\exts\cbc_plugin_extension.ext.exe
C:\program files\confer\blades\livequery\exts\cbosqext.dll
C:\program files\confer\scanner\apcfile.dll
C:\program files\confer\scanner\apchash.dll
C:\program files\confer\scanner\avupdate.dll
C:\program files\confer\scanner\msvcr120.dll
C:\program files\confer\scanner\savapi.dll
C:\program files\confer\scanner\scew.dll
C:\program files\confer\scanner\scanhost.exe
C:\program files\confer\scanner\upd.exe
- Create a batch file that contains the following text:
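@echo off
rem Path to the list created in Step 1. Do not wrap the value in quotes.
set FILE=list_of_files
set numFiles=0
set numGoodSigs=0
setlocal ENABLEDELAYEDEXPANSION
rem usebackq allows the quoted list path to contain spaces.
rem Directories in the list are skipped; every other entry is counted and verified.
for /f "usebackq delims== tokens=1,2" %%G in ("%FILE%") do (
    if not exist "%%G\*" (
        set /a numFiles=numFiles+1
        (signtool verify /all /hash SHA256 /pa "%%G") && (set /a numGoodSigs=numGoodSigs+1)
    )
    @echo. & @echo.
)
rem Anything signtool did not verify counts as unverifiable.
set /a numBadSigs=numFiles-numGoodSigs
echo %numFiles% files checked
echo %numGoodSigs% verified files
echo %numBadSigs% UNverifiable files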
- Change the value of FILE in the batch file to specify the file that you created in Step 1.
- Run the batch file.
Results
A summary of how many files could or could not be verified is written at the end of the output. For example:
File: C:\program files\confer\api-ms-win-core-console-l1-1-0.dll
Index Algorithm Timestamp
========================================
0 sha1 Authenticode
1 sha256 RFC3161
Successfully verified: C:\program files\confer\api-ms-win-core-console-l1-1-0.dll
67 files checked
67 verified files
0 UNverifiable files
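
The summary reports only counts, so a non-zero "UNverifiable" total does not say which files failed. The following Python script is an added example, not part of the vendor procedure: it compares the Step 1 list against the `Successfully verified:` lines in captured batch output and returns the listed files that lack one. The sample list and output are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the Results format; RepCLI.exe has no success line.
FILE_LIST = r"""
C:\program files\confer\RepMgr.exe
C:\program files\confer\RepCLI.exe
"""
CAPTURED = r"""
File: C:\Program Files\Confer\RepMgr.exe
Index  Algorithm  Timestamp
========================================
0      sha1       Authenticode
1      sha256     RFC3161
Successfully verified: C:\Program Files\Confer\RepMgr.exe
File: C:\program files\confer\RepCLI.exe
2 files checked
1 verified files
1 UNverifiable files
"""
SUMMARY = re.compile(r"\d+ (files checked|verified files|UNverifiable files)\s*$")
SIG_ROW = re.compile(r"\s*\d+\s+(\S+)\s+(\S+)\s*$")

def norm(path):
    # Windows paths are case-insensitive, so compare a lower-cased form.
    return path.strip().strip('"').lower()

def parse_output(text):
    """Return (set of verified paths, {path: [(algorithm, timestamp), ...]})."""
    verified, sigs, current = set(), {}, None
    for line in text.splitlines():
        if line.startswith("File: "):
            current = norm(line[6:])
            sigs[current] = []
        elif line.startswith("Successfully verified: "):
            verified.add(norm(line[23:]))
        elif SUMMARY.match(line):
            current = None  # summary lines look like table rows; end the table
        elif current and (m := SIG_ROW.match(line)):
            sigs[current].append(m.groups())
    return verified, sigs

def unverified(list_text, output_text):
    """Listed files that have no success line, in list order."""
    verified, _ = parse_output(output_text)
    listed = {norm(l): l.strip() for l in list_text.splitlines() if l.strip()}
    return [path for key, path in listed.items() if key not in verified]

if __name__ == "__main__":
    for path in unverified(FILE_LIST, CAPTURED):
        print("NOT VERIFIED:", path)
```

Directories in the list are skipped by the batch file, so they produce no output and are reported here as not verified.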